|
|
php.net | support | documentation | report a bug | advanced search | search howto | statistics | random bug | login |
Patchesfix.patch (last revision 2015-02-05 04:29 UTC by Nayana at ddproperty dot com)Pull Requests
Pull requests:
HistoryAllCommentsChangesGit/SVN commits
[2015-02-05 08:41 UTC] laruence@php.net
-Status: Open
+Status: Closed
-Assigned To:
+Assigned To: laruence
[2015-02-05 08:41 UTC] laruence@php.net
|
|||||||||||||||||||||||||||
Copyright © 2001-2025 The PHP GroupAll rights reserved. |
Last updated: Sat Feb 22 15:01:29 2025 UTC |
Description: ------------ it seems that the pointer returned by php_stream_fopen_temporary_file / php_stream_fopen_tmpfile is not validated prior to use in memory.c in the case where a script is executed in an environment where the TMPDIR is not writable to the user, it will cause a SIGSEGV. from the script side any code that utilize php://temp with 2MB+ buffer with the above condition will encounter this issue. i have fixed the problem on all the calling code in memory.c using php_error_docref, i see that in phar they have handled the condition with zend_throw_exception_ex. i am not in a position to decide which one is best at this time. i think a friendly warning is better than a SIGSEGV at this point :) i have validated this problem exists on github-master and releases 5.4.37, 5.4.17 i will post my pull-request in a comment Test script: --------------- #mkdir /tmp/x #chmod 444 /tmp/x #export TMPDIR=/tmp/x $fp = fopen('php://temp', 'r+'); $data = implode('', array_fill(0, (1024 * 1024 * 2), 'A')); fwrite($fp, $data);